[libvirt] [ruby-libvirt] Don't free more entries than we retrieved
Guido Günther
agx at sigxcpu.org
Tue Jan 7 21:04:19 UTC 2014
On Tue, Jan 07, 2014 at 03:38:48PM -0500, Chris Lalancette wrote:
> On Tue, Jan 7, 2014 at 3:24 PM, Guido Günther <agx at sigxcpu.org> wrote:
> > The vir*List* functions return the number of fetched entries. We mustn't
> > free more, otherwise we'll crash like
> >
> > #0 0xb779d424 in __kernel_vsyscall ()
> > #1 0xb733981f in __GI_raise (sig=sig at entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
> > #2 0xb733ccd3 in __GI_abort () at abort.c:90
> > #3 0xb7376275 in __libc_message (do_abort=do_abort at entry=2, fmt=fmt at entry=0xb74767d0 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:199
> > #4 0xb7380e52 in malloc_printerr (action=<optimized out>, str=<optimized out>, ptr=0xb7087000) at malloc.c:4923
> > #5 0xb7381b90 in _int_free (av=0xb74b7440 <main_arena>, p=0xb7086ff8, have_lock=0) at malloc.c:3779
> > #6 0xb75c059f in ruby_xfree () from /usr/lib/libruby-1.9.1.so.1.9
> > #7 0xb7076448 in ruby_libvirt_generate_list () from /usr/lib/ruby/vendor_ruby/1.9.1/i486-linux/_libvirt.so
> > ...
> >
> > since we're trying to free random addresses.
>
> Hm, this is pretty weird. At all ruby_libvirt_generate_list() call
> sites, there is a line of code that precedes it that checks for r < 0.
> If r is less than 0, then we generate an exception, which means that
> the code that follows should never be called, and thus we should never
> need this patch.
The check for < 0 might be superfluos but freeing num entries instead of
only r ones looks wrong to me since r is the number of allocated names,
not num. I'm happy to send a patch dropping the < 0 part.
> Can you explain a bit more why this patch helps, and/or give me a test
> case that will cause it to fail?
I've been running test_nodedevice as non root which triggered this.
Cheers,
-- Guido
>
> Thanks,
> Chris
>
More information about the libvir-list
mailing list